Admin Alert: V6R1 Changes for the i5/OS Administrator, Part 1
Published: April 9, 2008
by Joe Hertvik
Last week, I visited the annual COMMON user group conference in Nashville, Tennessee, to see what's new and upcoming for administrators with the new V6R1 i5/OS operating system. While others have been covering the broader changes to the operating system, this week and next I'll focus on some smaller changes that will affect the fine art of administering a System i box.
Before I begin, I would like to note that all the information contained here comes from available information about the new release as well as information I picked up at COMMON from IBMers and various System i experts. Since V6R1 is brand new and not installed in the wider base of i5/OS shops yet, there's not a lot of practical hands-on experience out there. The information I'm discussing today reflects early impressions and facts about the new system. This information will be vetted out in future articles as we all get a chance to thoroughly test it.
OpsNav Swan Song
Over time, iSeries Navigator (OpsNav) will be phased out in favor of the new Web-based Systems Director Navigator for i5/OS (IBM Director), which is based on IBM's Systems Director family of products. The IBM Director product will be installed on your system from i5/OS media either as product 5722DR1 (server) or as product 5722DA1 (an agent for a managed node).
According to IBM, the new IBM Director browser contains almost 300 new and previously released Web-based tasks for managing a System i box (the previously released parts of IBM Director were released as URL addressable functions for iSeries Navigator, also known as System i Navigator and OpsNav). The bad news is that it will only contain 90 percent of the features that are currently contained in OpsNav, so you will still need to use OpsNav for certain features, such as Management Central. I was unable to find a definitive list of OpsNav items that aren't included with IBM director, but I suspect that they include many graphical built-on Windows technologies that weren't easily ported to the browser.
At COMMON, IBM said they are working on incorporating additional OpsNav functionality into IBM Director and will deliver it in a later update. Unfortunately, this creates a situation where you will have three different functions for controlling your system in i5/OS V6R1.
- The 5250 green screen interface, which contains all the command-based functions for controlling your system.
- iSeries Navigator, a.k.a. System i Navigator (OpsNav).
- Systems Director, which contains 90 percent of OpsNav's features, plus a number of new functions that you can learn about by checking out this article.
Short term, the problem may be determining which function you need to use to control your system, and it may take a while to get used to all the new features available with IBM Director. Also, going from two to three management interfaces may confuse i5/OS administrators. Longer term, administrators and users should be able to stop using iSeries Navigator altogether as more of its features are migrated to IBM Director. However, it's unclear whether administrators will ever be able to give up using 5250 green screen administration in favor of IBM Director, as there have always been some functions that are resistant to being ported to a graphical interface.
Backing Up Spooled Files
V6R1 is the first i5/OS release that will support saving and restoring spooled files. This function will be accomplished through a new Spooled File Data (SPLFDTA) parameter on the Save Library (SAVLIB) and Restore Library (RSTLIB) commands. The new SPLFDTA parameter can be set to the following values on these commands:
- For SAVLIB, the default SPLFDTA value will be *NONE, meaning that none of the spooled files from the saved library will be saved. When SPLFDTA is set to *ALL, all the output queues (and their contents) in libraries being saved will also be saved.
- For RSTLIB, SPLFDTA's default setting will be *NEW. *NEW specifies that RSTLIB will restore all saved spooled files that are not already present in the restored library's output queues. You can also set SPLFDTA to *NONE to avoid restoring spooled files when a library is restored.
Be aware, however, that there are some save/restore considerations to think about when working with spooled files. First, the saves will preserve spooled file attributes regarding the spooled file name, file number, creation time and date, and the fully qualified job names and job system names. But these and other attributes may not be restored depending on whether the spooled files are restored to a different output queue, or whether the spooled files are restored after their expiration date.
Second, SAVLIB and RSTLIB will only save and restore entire output queues. There is no V6R1 option to work with individual spooled files.
Third, IBM's Backup Recovery and Media Services product (BRMS) also uses the new spooled file support in V6R1.
Finally, be aware that while this function is valuable, it will add extra time to your backup and restore routines. If you're on a tight backup schedule, be sure to rigorously test out the function before you put it into production, lest you start missing critical uptime requirements.
Time Running Out for V5R3--April 2009
As IBM released V6R1 to general production, it also updated its end of support schedule for older releases. Be aware that IBM will end support for i5/OS V5R3Mx as of April 30, 2009. If you are still running this release and you want to retain support, you will need to upgrade your operating system by that time.
Also, if you're looking ahead far enough, the next i5/OS version may be released in 2010, according to some stray comments mentioned in one COMMON session. This could mean that the end of support date for i5/OS V5R4 might also come in 2010, but it's just speculation as it is too early for IBM to make any definitive announcements on these releases. To view IBM's current support schedule, go to the the IBM i5/OS & OS/400 release support Web page.
i5/OS Media To Be Delivered on DVD
IBM also mentioned that with V6R1, it will start delivering i5/OS media on DVD, rather than on CD-ROM. Given that IBM has been shipping DVD drives with its machines for at least the last five years, it's reasonable to assume that most upgrade customers already have a DVD reader on their system. The biggest benefit in switching from CDs to DVDs is that where installation media on CD was generally delivered on eight to 10 or more CDs, the V6R1 installation media will now most likely be delivered on two to three DVDs.
Setting Password Rules in Tandem
Prior to V6R1, i5/OS controlled password composition rules by having the administrator set a number of password composition system values, and all of these system value names started with 'QPWD*' (password composition rules can also be set in OpsNav). Pre-V6R1, each system value covered one password composition setting (QPWDLMTCHR prevents certain characters from being used in a password, QPWDLMTREP restricts repeating characters, etc.) and on a 5250 green screen, each value had to be set individually without being able to view your password composition values in tandem. For a list of how the pre-V6R1 password composition system values work, see my Admin Alert, Eliminating Easy-to-Guess User Passwords.
With V6R1, IBM is introducing a new system value named Password Rules (QPWDRULES). In one system value, QPWDRULES allows you to specify all the password rules that users must follow when creating new passwords. QPWDRULES bypasses the tedious process of changing one system value at a time when creating your system's password composition rules. QPWDRULES' list of valid values contain all the old password system value settings, allowing you to easily create a list of password rules that will be enforced whenever a user changes their password.
QPWDRULES also contains many new settings for designating password composition rules. Some of the more interesting settings include:
- *PWDSYSVAL--When setting *PWDSYSVAL as the only password composition value in QPWDRULES, the system ignores the QPWDRULES settings and uses the old pre-V6R1 QPWD* system values for its password composition rules. Conversely, when *PWDSYSVAL is not present in the QPWDRULES system value, the system will ignore the old QPWD* values and takes it password composition rules from QPWDRULES.
- *REQANY3--This setting requires that all new passwords must contain at least three of the following four types of characters: uppercase letters; lowercase letters; digits; or special characters. *REQANY3 helps the system create harder to guess passwords without having to designate a number of other settings in QPWDRULES.
- A number of other system values that designate how many types of characters must be in each password: what kind of adjacent character duplication is allowed in a password (what characters are allowed to sit side-by-side in the password); minimums and maximum types of characters that can be allowed inside a password; what types of characters can be used for the first and last character in a password; and many other settings.
As usual with password composition rules, an administrator always walks a fine line between being too restrictive or too loose in how he allows his users to select passwords. If you're too loose with your rules, the passwords will be too easy to guess. If you're too restrictive with the rules, your users will require a lot of help in configuring a new password. The QPWDRULES system value is an attempt to make it easier to create and maintain effective password composition rules for your system.
More To Come
Keep in mind that I'm just scratching the surface here in identifying V6R1 changes that will affect administrators. Next week, I'll look at some other changes that affect the way you can restore logical files, designate additional security settings, and more. In the months ahead, as more of you actually start to deploy V6R1, we'll also look at how it works on your systems.
RELATED STORIES AND RESOURCES
New Web Console Debuts with i5/OS V6R1
Admin Alert: Eliminating Easy-to-Guess User Passwords
IBM i5/OS & OS/400 Release Support, IBM
Post this story to del.icio.us
Post this story to Digg
Post this story to Slashdot